OpenLDAP slapd 2.4.3 alpha - openldap-software

10 Feb 2007


      Hello
How configure slapd (with backend sql) for authorized from sasl
because my slapd is crashed before correct authorization (all software is
install on clear system - freebsd 6.1 relase with sasl 2.21), in mysql
database is default data from example.
with unixODBC
./slapd -d -1
"
slap_parseURI: parsing uid=test,cn=digest-md5,cn=auth
ldap_url_parse_ext(uid=test,cn=digest-md5,cn=auth)
...
...
...
dnNormalize: <uid=test,cn=digest-md5,cn=auth>
=> ldap_bv2dn(uid=test,cn=digest-md5,cn=auth,0)
<= ldap_bv2dn(uid=test,cn=digest-md5,cn=auth)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=test,cn=digest-md5,cn=auth)=0
<<< dnNormalize: <uid=test,cn=digest-md5,cn=auth>
<==slap_sasl2dn: Converted SASL name to uid=test,cn=digest-md5,cn=auth
slap_sasl_getdn: dn:id converted to uid=test,cn=digest-md5,cn=auth
SASL Canonicalize [conn=1]: slapAuthcDN="uid=test,cn=digest-md5,cn=auth"
SASL Canonicalize [conn=1]: authzid="test"
SASL proxy authorize [conn=1]: authcid="test" authzid="test"
slapd in free(): error: chunk is already free
Abort (core dumped)
s1#
----- slapd.conf ---------
s1# cat /usr/local/etc/openldap/slapd.conf
# $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf,v
1.5.2.1 2005/01/20 18:04:03 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access.
access to *
     by * write
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
loglevel        -1
#authz-police all
#sasl-host      example.com
#sasl-realm     example.com
#require SASL
authz-regexp
      uid=(.*),cn=(.*),cn=(.*),cn=auth
      ldap:///dc=example,dc=com??sub?(uid=test)
#sasl-secprops none
#authzTo: uid=[^,]*,dc=example,dc=com
#######################################################################
# sql database definitions
#######################################################################
database        sql
suffix          "dc=example,dc=com"
#rootdn         "cn=test,dc=example,dc=com"
#rootpw         secret
dbname          ldap
dbuser          ldap
dbpasswd        ldap123zxc
subtree_cond    "ldap_entries.dn LIKE CONCAT('%',?)"
insentry_stmt   "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval)
VALUES (?,?,?,?)"
has_ldapinfo_dn_ru      no
#access to attrs=userPassword
#      by * auth
#access to * by * none